LinuxQuestions.org
Old 01-06-2007, 05:11 PM   #1
noir911
Member
 
Registered: Apr 2004
Location: Baltimore, MD
Posts: 681

Rep: Reputation: Disabled
[Perl] cgi.pm - save input in .html file


I created a cgi file (test.cgi) which takes user input and shows at the bottom of test.cgi. I want the result to be saved on test.cgi or to some other .html or .cgi file until and unless it is changed by another user; so if someone goes to http://127.0.0.1/test.html they would be able to see the last saved action.

Here's my code

Code:
#!/usr/bin/perl

use CGI qw(:standard);

print header;
print start_html('Test Form'),
    h1('A Test Form'),
    start_form,
    "What's your name? ",textfield('name'),
    p,
    "What's your favorite mail client?",
    p,
    checkbox_group(-name=>'words',
                   -values=>['mutt','mail','pico','sylpheed'],
                   -defaults=>['mutt','mail']),
    p,
    "What's your favorite editor? ",
    popup_menu(-name=>'editor',
               -values=>['emacs','vi','ed','cat']),
    p,
    submit,
    end_form,
    hr;

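if (param()) {
    # Escape user input before echoing it back; CGI.pm's HTML shortcuts
    # such as em() do not escape their content.
    print
        "Your name is ",em(CGI::escapeHTML(scalar param('name'))),
        p,
        "The keywords are: ",em(join(", ",map { CGI::escapeHTML($_) } param('words'))),
        p,
        "Your favorite editor is ",em(CGI::escapeHTML(scalar param('editor'))),
        hr;
}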
print end_html;

Here's my output:

Quote:

A Test Form

What's your name?

What's your favorite mail client?

mutt mail pico sylpheed

What's your favorite editor? <drop down list>

(Submit Query button)

Your name is john

The keywords are: mail, pico

Your favorite editor is cat

Last edited by noir911; 01-06-2007 at 05:14 PM.
 
Old 01-07-2007, 05:06 AM   #2
j-ray
Senior Member
 
Registered: Jan 2002
Location: germany
Distribution: ubuntu
Posts: 1,415

Rep: Reputation: 99
You could open a filehandle and print to the filehandle the HTML code you need to display the content, including the current values of the variables. See perldoc perlfunc => "open". The HTML file should reside outside of the cgi-bin and be included in a frame i.e. It is a big security risk to make the cgi-bin writable for web users on production servers. Good luck, r
 
Old 01-07-2007, 02:36 PM   #3
petersum
Member
 
Registered: May 2006
Location: Karachi, Pakistan
Posts: 140

Rep: Reputation: 15
j-ray's reply seems a little confusing but essentially correct. As I see it, the security risk is by using the perl module to write the form. A normal HTML page (not in cgi-bin) is better. Then a parsing script to take the post data and write it to any file (again not a .htm file, even though it may contain HTML code) using the open statement as j-ray suggested. This file should have a weird extension that the web-server won't recognise and even a hacker won't understand. Then use javascript to insert it into a webpage.

Of course, this assumes that you have a good knowledge of perl and javascript. But that is what security is all about. Forms will always be dangerous when used by novice and even quite well experienced programmers. Why don't I like perl modules? Because, they are not needed and can expose you to security risks when you are not familiar with the inner workings.

The most important security check is to ensure that the form data really did come from the form on your server and not from somewhere else. Also that it contains ONLY the normal text that you expect, and not programming code!

Security is a pain, or fun to implement, depending on your frame of mind. Until you get the hang of it, stay on 127.0.0.1 !!!
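
An added example, not code from any poster in this thread: one way to do what posts #2 and #3 describe, checking the submitted fields against the values the form in post #1 offers, escaping them, and writing the result to a static file outside cgi-bin. The output directory, the name pattern and the file names are assumptions, and multi_param needs CGI.pm 4.08 or later.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI qw(:standard);
use File::Temp qw(tempfile);

# Assumed path: a static-content directory outside cgi-bin, writable by the CGI user.
my $OUT_DIR  = '/var/www/html/saved';
my $OUT_FILE = "$OUT_DIR/test.html";

# Allow-lists taken from the form in post #1.
my %CLIENTS = map { $_ => 1 } qw(mutt mail pico sylpheed);
my %EDITORS = map { $_ => 1 } qw(emacs vi ed cat);

# Return a hashref of accepted values, or nothing if any field is unexpected.
sub validate {
    my ($name, $editor, @words) = @_;
    return unless defined $name && $name =~ /\A[A-Za-z][A-Za-z .'-]{0,63}\z/;
    return unless defined $editor && $EDITORS{$editor};
    return if grep { !$CLIENTS{$_} } @words;
    return { name => $name, editor => $editor, words => [@words] };
}

# Build the page; every value is HTML-escaped even though it passed validation.
sub render {
    my ($d) = @_;
    my $e = sub { CGI::escapeHTML($_[0]) };
    return "<html><head><title>Last saved entry</title></head><body>\n"
         . "<p>Name: <em>" . $e->($d->{name}) . "</em></p>\n"
         . "<p>Mail clients: <em>" . join(', ', map { $e->($_) } @{ $d->{words} }) . "</em></p>\n"
         . "<p>Editor: <em>" . $e->($d->{editor}) . "</em></p>\n"
         . "</body></html>\n";
}

# Write to a temp file in the same directory, then rename it into place, so
# readers never see a half-written page and two submissions cannot interleave.
sub save_page {
    my ($html) = @_;
    my ($fh, $tmp) = tempfile('test.XXXXXX', DIR => $OUT_DIR);
    print {$fh} $html or die "write: $!";
    close $fh or die "close: $!";
    chmod 0644, $tmp or die "chmod: $!";   # tempfile creates the file 0600
    rename $tmp, $OUT_FILE or die "rename: $!";
}

print header('text/plain');
my $data = validate(scalar param('name'), scalar param('editor'), CGI::multi_param('words'));
if ($data) { save_page(render($data)); print "Saved.\n" }
else       { print "Rejected: unexpected input.\n" }
```

Only the output directory needs to be writable by the web server's user; the script itself and cgi-bin can stay read-only.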
 
  

